NIST’s National Cybersecurity Center of Excellence (NCCoE) has released for public comment a preliminary draft of Volume B—the second of three volumes—of the upcoming practice guide, Validating the Integrity of Computing Devices (NIST Special Publication (SP) 1800-34). The preliminary draft documents only laptop (end-user) computing devices. A later draft will document the server. Technologies today rely on complex, globally distributed and interconnected supply chain ecosystems to provide reusable solutions. Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. This practice guide can benefit organizations that want to verify that the internal components of their computing devices are genuine and have not been altered during the manufacturing and distribution process.
By releasing each volume of the practice guide first as a preliminary draft and later as a draft, we can share the progress made to date and use the feedback received to shape future volumes of the practice guide. Work continues on developing the final section of this publication.
Share Your Expertise
Please download the document and share your expertise with us to strengthen the preliminary draft of SP 1800-34 Volume B. The public comment period is open through September 29, 2021. See the publication details for a copy of the document and instructions for submitting comments. Volume B provides an overview of the project’s approach, architecture, and security characteristics.
Security and Privacy: asset management, configuration management, roots of trust, vulnerability management
Technologies: BIOS, personal computers, servers